The Cybersecurity Hiring Crisis: A Billion-Dollar Problem?

A recent article tells us: “A small talent pool, an inflated wage bubble and the high tensions of a virulent attack landscape have made cybersecurity’s hiring crisis the ‘billion dollar’ problem.”

Richard Bejtlich, the chief security strategist at FireEye, tells ZDNet, “The prevalence of breaches is driving the creation of incident response teams, often from the ground up.”

The article cites Cisco’s 2014 Annual Security Report, which projects a global cybersecurity job shortage starting at 500,000 and domestically at minimum 30,000. The ZDNet piece continues:

“…the current state of infosec's tight talent pool means that its hiring challenges come with inflated price tags -- as well as all the problems that come with this singularly complex and specialized industry's ‘rockstar syndrome.’”

Bejtlich says, “The simple answer is that reduced supply of security people plus increased demand for their services equals higher wages. Until supply and demand become more closely matched, (expect) higher-than-normal overall wage growth for security talent, plus increased tendencies for people to change jobs.”

The shortage means that there aren’t enough top people to go around, meaning cybersecurity pros end up getting passed from company to company.

One might think that the answer is simply to get more cyber pros/hackers out there to fill the empty roles, but Bejtlich says that might not be the answer.

“I’m more concerned that the people in the industry spend their time effectively,” he says. “A 10-person team administering an antivirus solution is probably a waste of nine people. I would like to see IT assume more of the maintenance and deployment tasks of security and have security people spend more time on detection and response, as well as collaboration with the development community.”

ZDNet also spoke to Chris Hoff, vice president, strategy and technical marketing engineering – security, switching and solutions BU at Juniper Networks.

When asked where infosec needs to go from here, he said, “I think that the industry needs to grow up as much as it needs to grow out. While we need to ensure a trained and ready replacement workforce is prepared to supplement and succeed the current generation of security professionals, we should invest heavily in training those that already occupy the positions that protect our companies today.”

Hoff did not hold back as he continued. “The lack of investment in training, skills update and mentorship is really pathetic. If companies don’t invest in the people they have today, it’s pretty clear they won’t in the future.”


For more information, see the source article here: